package org.halk.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 设置一个用户名密码
 *
 * @Author halk
 * @Date 2024/6/6 下午2:55
 **/
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // 允许所有人访问根路径
                .antMatchers("/").permitAll()
                // 其他请求需要身份验证
                .anyRequest().authenticated()
                .and()
                // 禁用表单登录（如果不需要）
                .formLogin().disable()
                // 启用HTTP Basic认证
                .httpBasic();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                // 用户名
                .withUser("halk")
                // 密码，"{noop}"表示不加密，仅用于测试
                .password("{noop}kkwdb")
                // 角色，默认为USER
                .roles("USER");
    }
}
